Friday, August 7, 2009

MAC OS X Patch. Maybe MACs are not as secure as Steve would like us to think!

Apple, on Wednesday, released Security Update 2009-003. This patch addresses several vulnerabilities, but perhaps the most critical fix is for a flaw that could allow an attacker to compromise a machine after the user views a malformed image. According to Apple “Viewing a maliciously crafted [image file] may lead to an unexpected application termination or arbitrary code execution.”

Hold the phone here for a minute. I thought MACs were safe and secure. I see all those MAC v. PC commercials and other MAC ads that tell us how Apple's computers are not prone to all the spyware and attacks that deluge PCs on a daily basis. Now I know this is just one new set of updates, but if you combine these with the recently released iPhone security patches, it makes people stand up and take notice.

By no means am I a MAC hater or a PC lover. I actually like and work with both systems. To Microsoft's credit, they have, for years, stated that the reason their systems are attacked so much is because they are the most widely used. MACs made up a small percentage of the home and business computer marketplace, so why waste time writing malicious code to attack them, when the same efforts could wipe out the much larger Windows PC market? Now that MACs (especially iPhone/iPods) have grown in popularity and are eating up more market share, it only makes sense that they will now be subject to more attacks.

I guess my point in all of this is really simple: MACs are no longer as safe as the folks at Apple want everyone to believe!

Tuesday, June 23, 2009

Email Security: Keeping it Plain

Email security has become a major hot-button topic on IT and business forums over the past couple of years, and with good reason: according to recent research, spam accounts for 14.5 billion messages globally per day. In other words, spam makes up 45% of all emails. Some statistics say that figure could be as high as 73%. (That is 3 out of every 4 emails received!)

Besides being a nuisance, spam messages typically come from marketers in the form of HTML (Web)-based messages. This can create a serious security risk for both home users and businesses. If your child uses your computer, it’s probably safe to assume that you don’t want him or her viewing a message containing pictures for male enhancement formulas!

When you view an HTML message, you get much more than just the message. Embedded images and stylesheets are downloaded from a remote web server. A remote image embedded so that the sender can see who opens the message is called a "web bug". Your email client (via the built-in HTML viewer) sends the following information to that web server without your knowledge:
  • Any piece of information attached to the URL of the image
  • Your internet IP address
  • Date / time when you read the message
  • Your OS type
  • Your browser type
  • The language set in your browser

Additionally, HTML messages may contain executable code in the form of JavaScript, ActiveX components, Flash applets, etc. These snippets of code could allow a hacker remote access to your computer and the personal data it contains. It could also allow them to remotely launch an attack on a corporate or government computer network. Pretty unsavory stuff!

So, what’s the solution?

Text only email!

It may not be as glamorous, but configuring your email client to only view messages as text, rather than HTML, will allow you to defeat many of these email attacks. True, you won’t see the fancy text and the pictures that are embedded in the email messages, but you will be able to read the message safely!

Taking it a step further, you should also send messages as text only rather than as HTML or Rich Text. This will not only keep the messages safe, but ensure that your recipient(s) are able to read the message correctly on their email clients, iPods, Blackberries, or other devices.
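The sketch below is an added example, not part of the original post: it audits one message the way a text-only viewer treats it, listing what the HTML part would fetch or run and returning only the plain-text body. The sample message, its host names and the `audit` helper are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message (assumption): text part plus HTML part with a web bug.
SAMPLE = """\
Subject: Special offer
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Special offer inside. Visit our site for details.
--b1
Content-Type: text/html; charset="utf-8"

<html><head><link rel="stylesheet" href="http://cdn.marketer.example/s.css"></head>
<body><p>Special offer inside.</p>
<img src="http://track.marketer.example/open.gif?uid=reader42" width="1" height="1">
<img src="cid:logo"><script>document.title = "x";</script></body></html>
--b1--
"""

class RemoteContentFinder(HTMLParser):
    """Record what an HTML viewer would fetch or execute for this part."""
    ACTIVE = {"script", "object", "embed", "applet", "iframe"}

    def __init__(self):
        super().__init__()
        self.remote, self.active = [], []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE:
            self.active.append(tag)
        for name, value in attrs:
            # <a href> is only requested on a click, so it is not counted.
            if (tag != "a" and name in ("src", "href", "background") and value
                    and value.lower().startswith(("http://", "https://", "//"))):
                self.remote.append((tag, value))

def audit(raw):
    """Return (remote fetches, active tags, text-only body) for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    finder = RemoteContentFinder()
    html = msg.get_body(preferencelist=("html",))
    plain = msg.get_body(preferencelist=("plain",))
    if html is not None:
        finder.feed(html.get_content())
    text = plain.get_content().strip() if plain is not None else ""
    return finder.remote, finder.active, text
```

The `uid=reader42` query string is the "information attached to the URL of the image" from the list above; the `cid:` image is an attachment inside the message and triggers no network request.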

Friday, May 1, 2009

Office 2007 SP2: Should You Even Bother?

Microsoft, with very little ballyhoo, released Service Pack 2 for Office 2007 earlier this week. This latest bundle of security patches, upgrades and enhancements comes on the immediate heels of the end of free support life-cycle for its predecessor, Office 2003.

SP2 has some key features; most notably, the ability to save files as PDFs (portable document format) natively, as well as the ability to open and save Open Document Format (ODF) files. This will allow Word users to better share files created with the popular (and free) Open Office suite from Sun Microsystems. (Note: I have been opening Word docs in Open Office for several years.) Other key enhancements include improvements to Excel's charting functionality and the addition of a chart object model to Word and to PowerPoint. Perhaps the most appreciated enhancement will be the improvements to Outlook. Notorious for slow start-ups and sometimes sluggish performance, the EMail/PIM app should now start faster, shut down with fewer errors and provide improvements in the "underlying data structures and the general reliability of calendar updates".

You can read a detailed list of all that SP2 contains by visiting: http://support.microsoft.com/kb/953195

Monday, April 20, 2009

Office 2007 or OpenOffice.Org

In case you haven't heard, as of April 14, Microsoft has ended its free support for Office 2003. The popular application which includes programs such as Word, Outlook, Excel and PowerPoint, now enters its second five-year phase, called "extended support". Users will still be able to download free security updates through the Microsoft Update service but will have to pay for per-incident product support. Users requesting non-security hotfixes will need to purchase a Microsoft Extended Hotfix Support Agreement.

For the small business this creates several challenges:
1. Do we purchase the extended support?
2. Do we skip extended support and simply rely on the free security fixes for the time being?
3. Should we upgrade to Office 2007 and attempt to learn the new "ribbon" interface?
4. Do we consider moving to OpenOffice.org or another suite?

Let's explore these options.

For small or mid-sized shops with minimal or no IT staff, options 1 or 2 may be viable based on how many PCs you have and your average number of monthly incidents. You will have to weigh the costs of purchasing the extended support versus paying approximately $59 on a per-incident basis. For more information regarding purchasing support options, visit support.microsoft.com/gp/lifepolicy

Upgrading to Office 2007 can seem like a daunting proposition. The interface is dramatically different from previous versions. The new "ribbon" interface is more intuitive but takes some getting used to. If upgrading is your chosen route, plan on a fairly sizable learning curve for your staff. Take advantage of training materials and tools provided on the Microsoft Office web site (www.microsoft.com/officebusiness/).

The final option to consider is a move to OpenOffice.org (www.openoffice.org/), the free office suite provided by Sun Microsystems (there is also a version available from Novell). This suite includes a word processor, spreadsheet program, presentation tool and a small database program similar to MS Access. The interface is more akin to Office 2003 and the price (free) can't be beat. However, it does lack a lot of the scripting/macro options that Office handled. So if you have a fairly customized version of Word running, this may not be your best choice. On the other hand, if you just use the programs straight out of the box, this may be a viable alternative, especially if you are looking to reduce licensing costs.

What are your plans? If you own or manage a small business and are looking for help or guidance regarding Office or any other technology issue, please visit our web site: http://www.zim-network.net/. We will be happy to meet with you to discuss how to maximize your organization's technology ROI.